
Version 0.9.0 of the "Bitcoin Core" software, the Bitcoin infrastructure software previously known as Bitcoin-QT, contains five separate changes designed to make so-called transaction malleability attacks harder to pull off. As Ars explained last month, the attacks work by flooding exchanges with large numbers of malformed transactions that are similar, but not identical, to legitimate transactions that have already been made. Exchanges that trust one or more of the phantom records instead of the entries in the official Bitcoin blockchain can fall out of sync with the rest of the network and must recalculate their fund balances once the mistakes become apparent.

Attacks that abused the weakness caused several exchanges to suspend cash withdrawals. Tokyo-based Mt. Gox never recovered. Three weeks ago, it filed for bankruptcy after claiming to lose $468 million, $412.5 million of which it said belonged to customers.

In version 0.9.0, the transaction malleability weakness has been fixed by tightening transaction rules preventing “mutated transactions” from being relayed or mined. It also contains new functions that report wallet transactions that conflict with each other or that contain incorrect balances for double-spent (or mutated) transactions. It also includes an installation executable that works on 64-bit versions of Windows.

"If you are running an older version, shut it down," Wednesday's release notes stated. "Wait until it has completely shut down (which might take a few minutes for older versions), uninstall all earlier versions of Bitcoin, then run the installer (on Windows) or just copy over /Applications/Bitcoin-Qt (on Mac) or bitcoind/bitcoin-qt (on Linux). If you are upgrading from version 0.7.2 or earlier, the first time you run 0.9.0 your blockchain files will be re-indexed, which will take anywhere from 30 minutes to several hours, depending on the speed of your machine. On Windows, do not forget to uninstall all earlier versions of the Bitcoin client first, especially if you are switching to the 64-bit version."

Promoted Comments

I post this in every story, because it always comes up. There's been a lot of speculation that a transaction malleability bug was related to Mt. Gox, and everyone repeats that speculation like it's fact. Where's the evidence?

It is not speculation. It is the official explanation offered by MtGOX. If anyone is speculating, then the primary speculator would be the CEO Mark Karpeles.

Serious question: how does the "software" side of bitcoin work in terms of updates?

In other words, I think I roughly understand the math of mining and the blockchain verification. But since it's decentralized, how do they enforce the software side.

If there is a vulnerability, what's to stop someone from just continuing to use the older software and exploiting? I assume it's always backwards compatible or all the distributed software verifying transactions would stop working in a coordinated effort.

I'm sure there's an explanation (obviously), I just am not sure what it is.

I post this in every story, because it always comes up. There's been a lot of speculation that a transaction malleability bug was related to Mt. Gox, and everyone repeats that speculation like it's fact. Where's the evidence?

Serious question: how does the "software" side of bitcoin work in terms of updates?

In other words, I think I roughly understand the math of mining and the blockchain verification. But since it's decentralized, how do they enforce the software side.

If there is a vulnerability, what's to stop someone from just continuing to use the older software and exploiting? I assume it's always backwards compatible or all the distributed software verifying transactions would stop working in a coordinated effort.

I'm sure there's an explanation (obviously), I just am not sure what it is.

There was a bug that caused a "fork" in the block chain a couple months ago. In that case there were two versions of the block chain, people running the old client and people running the new. It was essentially two different currencies and you were either part of the new fork or the old.

So worst case scenario is people need to choose which version they are running. It's a peer network so whichever network has more peers is more correct...

There was not a fork for this bug or you would have heard about it already.

Version 0.9 eh? So they were running $millions worth of transactions using Beta software? Smart

You're getting downvoted but you're right. Having had to build Bitcoin from source, I can tell you that the state of the code as far as building is absolutely atrocious. Running executables with --help may tell of options which don't exist. Docs are nonexistent or incorrect. The build-and-install process on Linux is a horror show.

Any piece of software with that many problems in build is running on a mountain of sh*t code, I guarantee it. I haven't needed (or wanted) to look through the source itself, but the horrible build process tells me enough, and it's true for a lot of the altcoins as well, of course.

Aaaaah! Ars, Ars, Ars - why do you just copy and paste articles from other web sites, complete with errors.

Yes, 0.9.0 fixed malleability problems. There were a lot of different unrelated issues that cause malleability problems. For example, there are two possible solutions to an ECDSA signature, which means you could publish the same transaction with two different signatures.

If mtgox's PR statements about what caused their woes is right, then yes it was caused by *a* malleability problem. But remember mtgox's PR statements weren't attempting to describe the problem so people could understand what happened. Instead they were trying to calm down customers in preparation for their triumphant return. To date mtgox has not issued a technical explanation of what happened, and thus all we have is speculation. The only thing that trumps ARS's continual insistence in taking mtgox's public statements at face value, is your taking the word of Silk Road 2 (a criminal organisation) on how the disappearance of their customers' money wasn't their fault. This is a habit you really need to kick.

The potential problem caused by transaction malleability stems from the fact that the bitcoin protocol is public, so an attacker can watch every transaction go into the pool. If:

they modify the transaction so the transaction id is different and send it back to the pool, and

due to network delays some miners get their version first rather than original one they modified, and

that miner wins the block, and

then the generator of the original transaction doesn't recognise it due to a bug in their software not recognising the different transaction id, and

they assume the transaction has been lost rather than doing a thorough check of the block chain, and

they were transferring bitcoins to the attacker, and

they create a new transaction and transfer it to the attacker.

Then they have been tricked into sending bitcoins to the attacker twice, so he doubles his money. After seeing all the "and"'s in the sentence it should come as no surprise that a successful version of this attack has to my knowledge never been observed.

So even if mtgox's was related to transaction malleability, it was only tangentially. We know that mtgox was generating invalid transactions that were rejected by the network. This whine is typical description of the symptoms. We don't know why mtgox's transactions were being rejected by the network - just that they were.

But we can manage a pretty good guess, because it was something new. One thing that was new occurred about a year ago - the bitcoin reference implementation started rejecting numbers with leading zeros in the ECDSA signature. If mtgox generated transactions that had leading zeros then they would be rejected, permanently. This would have been a gradual thing, as I gather miners don't upgrade software simultaneously. So what mtgox saw was an increasing proportion of their transactions rejected.

Some people say they saw transactions with leading zeros. If true as to what happened this guess becomes nearer to certainty:

But, the problems continued. More and more transactions were failing for users. And, MtGox has a nice page showing the currently failing transactions! They just recently started redacting information in them…

Now, the reason was that their software was sending transactions with padded signatures, which were denied by other bitcoin software

If this did happen then their wallet was ripe for the picking, because the race condition that made the malleability problem hard to exploit is gone and we know from mtgox's own admissions they did have the other flaws mentioned above.

Anyway, back to the problem with this Bitcoin software gets fix for weakness that helped bring down Mt. Gox story. The fix to the "problem" that most likely caused mtgox's problems happened one year ago, before mtgox lost a bitcoin due to it(!) The headline is a best speculation, and probably completely wrong.

Aaaaah! Ars, Ars, Ars - why do you just copy and paste articles from other web sites, complete with errors.

The only thing that trumps ARS's continual insistence in taking mtgox's public statements at face value, is your taking the word of Silk Road 2 (a criminal organisation) on how the disappearance of their customers' money wasn't their fault. This is a habit you really need to kick.

I really like the "idea" of bitcoin however until we can be more assured I am staying away.

"Fiat" currency or not, I still feel much safer converting my electronic dollars to paper dollars.

P.S. Stay away from my mattress.

Edit: BTW, I am totally not buying into the Mt. Gox statements on this as well. I will be really surprised if criminal charges are not forthcoming. I believe they exploited a weakness to abscond with the money.

I post this in every story, because it always comes up. There's been a lot of speculation that a transaction malleability bug was related to Mt. Gox, and everyone repeats that speculation like it's fact. Where's the evidence?

There is none. This software patch for a bug known about for a very long time, though, is very poorly timed. This could lead some to believe that it was a contributory factor. That they went for so long knowing about this particular bug and not fixing it, I just think doing it now was a bad choice from a publicity standpoint.

Before this, Mt. Gox was a zombie company, the walking dead, just waiting to be covered in dirt. Now, Mt. Gox is a zombie company, the walking dead, just waiting to be covered in dirt. I hope they serve nice food at the funeral.

Aaaaah! Ars, Ars, Ars - why do you just copy and paste articles from other web sites, complete with errors.…If mtgox's PR statements about what caused their woes is right, then yes it was caused by *a* malleability problem. But remember mtgox's PR statements weren't attempting to describe the problem so people could understand what happened. Instead they were trying to calm down customers in preparation for their triumphant return. To date mtgox has not issued a technical explanation of what happened, and thus all we have is speculation. … This is a habit you really need to kick.…

THIS.

I also wanted to comment that this entire article seems to be giving a huge dose of "benefit of the doubt" to Mt. Gox et al., 2014. Which IMHO is undeserved.

Fortunately, steelgrass said it much better, and much more detailed than I would have been able to do.

Serious question: how does the "software" side of bitcoin work in terms of updates?

In other words, I think I roughly understand the math of mining and the blockchain verification. But since it's decentralized, how do they enforce the software side.

If there is a vulnerability, what's to stop someone from just continuing to use the older software and exploiting? I assume it's always backwards compatible or all the distributed software verifying transactions would stop working in a coordinated effort.

I'm sure there's an explanation (obviously), I just am not sure what it is.

The safeguard is the distributed nature. Your bad transaction propagates and gets tossed by the majority. Without that acceptance your transaction is not part of the official history.

An exchange could continue to use the older software, but the only gain in using the exploit is to steal customers' BTC. That could land the operators in legal trouble. Even if the operators are honest, failure to upgrade to the safer version is going to look very bad if they need to explain problems down the road.

I post this in every story, because it always comes up. There's been a lot of speculation that a transaction malleability bug was related to Mt. Gox, and everyone repeats that speculation like it's fact. Where's the evidence?

It is not speculation. It is the official explanation offered by MtGOX. If anyone is speculating, then the primary speculator would be the CEO Mark Karpeles.

I post this in every story, because it always comes up. There's been a lot of speculation that a transaction malleability bug was related to Mt. Gox, and everyone repeats that speculation like it's fact. Where's the evidence?

There is none. This software patch for a bug known about for a very long time, though, is very poorly timed. This could lead some to believe that it was a contributory factor. That they went for so long knowing about this particular bug and not fixing it, I just think doing it now was a bad choice from a publicity standpoint.

Poorly timed or not, it's always best to acknowledge a problem and fix it ASAP. I see the myth of invulnerability as one of Bitcoin's problems. Any time an unfavorable story appears, I see advocates maintaining that there is "nothing wrong with the protocol." It's not a good way to build public confidence, as Toyota is learning right now.

I always wonder how easy it is for someone to delete access to their bitcoins when performing an upgrade.

Easy: you lose your private key, and your wallet is inaccessible forever. This also applies to forgetting the password to an encrypted wallet (two BTC I bought a year ago are winking at me inaccessibly due to this).

Like, really? This has been debunked a gazillion times before. To use this to defraud an exchange, one has to raise the issue with their support for every single withdrawal. It's certainly possible to defraud a susceptible exchange of significant sums of money, but NOT the amounts MtGox ended up losing.

Version 0.9 eh? So they were running $millions worth of transactions using Beta software? Smart

You're getting downvoted but you're right. Having had to build Bitcoin from source, I can tell you that the state of the code as far as building is absolutely atrocious. Running executables with --help may tell of options which don't exist. Docs are nonexistent or incorrect. The build-and-install process on Linux is a horror show.

Any piece of software with that many problems in build is running on a mountain of sh*t code, I guarantee it. I haven't needed (or wanted) to look through the source itself, but the horrible build process tells me enough, and it's true for a lot of the altcoins as well, of course.

It's true for those altcoins because most are simply forks of the current revision of the Bitcoin client itself.

Which is both good and bad. The good is once compiled the client actually is good. It's bad because the quality of the code is bad if what you describe is true.

I post this in every story, because it always comes up. There's been a lot of speculation that a transaction malleability bug was related to Mt. Gox, and everyone repeats that speculation like it's fact. Where's the evidence?

It is not speculation. It is the official explanation offered by MtGOX. If anyone is speculating, then the primary speculator would be the CEO Mark Karpeles.

The speculation is that Mtgox's official statement isn't accurate, either intentionally or not.

...the complaint said that there had been some proof that small amounts of Bitcoin reported to belong to MtGox were being transferred either to new accounts or to accounts held by MtGox executives.

On March 7, 2014, reports began surfacing that 180,000 bitcoins believed to be associated with Mt. Gox (worth approximately $113 million dollars) were being moved through the “Block Chain” (the public ledger that records all Bitcoin transactions) and broken down into different accounts in preparation for mixing or tumbling them to avoid detection. Upon information and belief, some of these bitcoins have been transferred into active accounts associated with Mt. Gox Defendants. ...

Further upon information and belief, Mt. Gox Defendants have already hidden and/or transferred funds associated with Mt. Gox, and continue to do so, during the pendency of its bankruptcy proceedings.

need to wait and see.

It's pretty damn easy in a system with no true accountability (the exchanges, Mt.Gox in this case) operated based upon "we say so" to "suddenly" come up with some or all of the stolen loot when its theft is detected. In such cases it's simply a matter of saying "oh look, here it is" as they "recover" the stolen loot from the places it was put as part of the theft hoping the theft would not be detected.

Also, with the recent revelation that MtGox magically "found" 200,000 lost bitcoins, I think the malleability bug is just a red herring. It might have led to the loss of some bitcoins, but in reality, it was a combination of technical error, lack of controls, and lack of an engineering culture that "helped bring down MtGox".

"If you are running an older version, shut it down," Wednesday's release notes stated. "Wait until it has completely shut down (which might take a few minutes for older versions), uninstall all earlier versions of Bitcoin, then run the installer (on Windows) or just copy over /Applications/Bitcoin-Qt (on Mac) or bitcoind/bitcoin-qt (on Linux). If you are upgrading from version 0.7.2 or earlier, the first time you run 0.9.0 your blockchain files will be re-indexed, which will take anywhere from 30 minutes to several hours, depending on the speed of your machine. On Windows, do not forget to uninstall all earlier versions of the Bitcoin client first, especially if you are switching to the 64-bit version."

What I don't get is how can the flaw be fixed and propagated to 100% of those participating in the "currency" use? I have never seen in the history of modern computing a 100% saturation point.

So some Users do not bother to update their software - which makes the exploit still around. What they need to do is to force into the servers / core systems is something that rejects and denies older versions of the Client software forcing end Users to upgrade or drop them from the network.

I post this in every story, because it always comes up. There's been a lot of speculation that a transaction malleability bug was related to Mt. Gox, and everyone repeats that speculation like it's fact. Where's the evidence?

It is not speculation. It is the official explanation offered by MtGOX. If anyone is speculating, then the primary speculator would be the CEO Mark Karpeles.

The bug is an inherent flaw in BitCoin that has been known for several years. MtGox has been using that as an excuse in this latest round of shenanigans.

There's no flaw in BitCoins. It was Mt Gox's implementation that was buggy. BitCoins is perfectly secure. Those bozos at Mt Gox are either crooks or didn't know what they were doing. That so called bug was well known, and everyone knows you shouldn't depend upon that field. You shouldn't do what Mt Gox did. They were crooks or idiots or both. There's nothing wrong with BitCoins.

And now today's episode:

Quote:

By the way, here's the software fix that fixes the bug that brought down Mt Gox.

Also, with the recent revelation that MtGox magically "found" 200,000 lost bitcoins, I think the malleability bug is just a red herring. It might have led to the loss of some bitcoins, but in reality, it was a combination of technical error, lack of controls, and lack of an engineering culture that "helped bring down MtGox".

"If you are running an older version, shut it down," Wednesday's release notes stated. "Wait until it has completely shut down (which might take a few minutes for older versions), uninstall all earlier versions of Bitcoin, then run the installer (on Windows) or just copy over /Applications/Bitcoin-Qt (on Mac) or bitcoind/bitcoin-qt (on Linux). If you are upgrading from version 0.7.2 or earlier, the first time you run 0.9.0 your blockchain files will be re-indexed, which will take anywhere from 30 minutes to several hours, depending on the speed of your machine. On Windows, do not forget to uninstall all earlier versions of the Bitcoin client first, especially if you are switching to the 64-bit version."

What I don't get is how can the flaw be fixed and propagated to 100% of those participating in the "currency" use? I have never seen in the history of modern computing a 100% saturation point.

So some Users do not bother to update their software - which makes the exploit still around. What they need to do is to force into the servers / core systems is something that rejects and denies older versions of the Client software forcing end Users to upgrade or drop them from the network.

As was noted earlier in the thread. If the new code's blockchain is incompatible, then the blockchain forks. Users who fail to upgrade are dropped from the system. You either switch to a compatible version or quit, similar to using commercial Windows software. When support for the old APIs is dropped, you either stop buying new software or switch to a later version of Windows. Weak analogy, because there are cases where the old software is required for business purposes and the source is not available for revision, but unless you are starting a parallel BTC, forking is bad and you will upgrade to keep your money in circulation.

I post this in every story, because it always comes up. There's been a lot of speculation that a transaction malleability bug was related to Mt. Gox, and everyone repeats that speculation like it's fact. Where's the evidence?

It is not speculation. It is the official explanation offered by MtGOX. If anyone is speculating, then the primary speculator would be the CEO Mark Karpeles.

The bug is an inherent flaw in BitCoin that has been known for several years. MtGox has been using that as an excuse in this latest round of shenanigans.

As I said, it is not speculation, it is the stated reason given out by Mr. Karpeles.

This "bug" did not cost them a dime, a cent, a btc, a satoshi.. nothing.

The entire effect of the transaction malleability issue is that a transaction ID could change *before* the transaction was contained in the blockchain. It did not affect where BTC was going, nor where it came from.

Gox misused the TXID, treating it as immutable PK before the transaction was confirmed by the blockchain. When the transaction did make it to the chain, it had a different TXID, and the recipients (scammers) reported to gox that they never got their money.

Gox looked up the TXID, found it was not accepted into the block chain, and sent them coins again.